Global CISO Executive Summit

Are you ready for the live podcast that has spotlighted one of the most critical areas of InfoSec – relations between buyers and sellers of cybersecurity products? Join us at the Four Seasons Nashville as our host David Spark and special guests comment on hot cybersecurity issues, and listener questions, and play risk-based security games like "What's Worse?!"

 Join your peers as we welcome the community back to the Global CISO Executive Summit. 

The Global CISO Executive Summit agendas are driven by the mission-critical priorities identified among the community. Each agenda is uniquely crafted ‘by Global CISOs, for Global CISOs,’ and will be available closer to the gathering. All topics and sessions will be inspired by the following themes.

• Advancing the Business Value of Security
• Protecting Critical Infrastructure Against Advanced Attacks
• Investing in Company Culture to Attract Talent and Empower Staff

During the second day of the 3-day Executive Summit, attendees will be given the opportunity to attend a variety of sessions, including keynotes, peer-led breakout presentations, and boardroom discussions.

Many of our sessions will be hosted by the community’s most strategic partners.

For questions about the sessions, please contact Kody Paine, Senior Community Program Manager at kody.paine@evanta.com

This will be an intimate, informal space for women in cybersecurity leadership roles and their allies to freely discuss best practices, key challenges and mission-critical priorities. Come prepared to share ideas and forge new connections that can help empower each other to make an impact in your organizations and communities.

This session is aimed at, but not limited to, women who are leading the cybersecurity function at their organizations (CISO or equivalent) and those reporting directly to the CISO/equivalent. Priority access will be reserved to these groups.

Every age is accompanied by new, special demands for the decision-makers who steer the fortunes of companies. In recent years, business success has become intrinsically linked to IT infrastructure and seamless and secure connectivity is the key to unlock innovation and accelerate business outcomes. To reach this state, enterprises are transforming their networks and security to a zero trust architecture, thereby reducing risk, eliminating cost and complexity and increasing agility.

Join this session to hear Jay Chaudhry and Tim Callahan to learn:

• How zero trust architecture secures users, workloads, IoT/OT devices, and your business partners by addressing critical security shortcomings of legacy network architecture
• How to reduce network complexity without exposing your organization to new risks
• The key steps in a phased secure digital transformation journey as well as proven advice to drive the mindset and cultural change required

If advancements in AI haven't peaked, then neither have the interests or expectations of organizational leadership. And though it's no small order, finding a thoughtful, low-risk, high-reward, goal-enabling approach to the enterprise's AI use is up to technology executives.

In this panel-led discussion and collaboration session, you'll:

• Consider the pros and cons of a formal, business-wide, AI policy
• Learn from those who have banned the tool, as well as those who were early adopters
• Prepare yourself to answer even the hardest AI questions leadership may ask

Today’s security professionals must keep the business afloat while navigating architectural challenges with securing modern infrastructure with traditional defenses. How can CISOs learn from shipbuilders about a design pattern that has stood the test of time in ensuring that a breached hull does not mean a sunken ship?

In this session, we will cover:

• Challenges in dealing with initial access techniques such as phishing and exploiting zero-day vulnerabilities
• Enabling developers who need to move fast without sacrificing security
• Ways to build defense in depth that offer more opportunities to avoid disaster in post-breach scenarios

Given today’s dynamic threat landscape, involving constantly changing malicious TTPs, CISOs must have a proactive threat management strategy to handle complex attacks. However, with widely distributed infrastructures and the number of tools with different levels of control and responsibility, maintaining true visibility is difficult. Staffing shortages and the high volume of alerts that come in from fragmented tools adds to this challenge. The solution? Unifying the analyst experience to connect existing tools and workflows across your hybrid cloud environment.

Join this session to discuss:

• Detecting and responding to advanced attacks like ransomware
• Unifying the analyst experience with AI and machine learning - starting with understanding your attack surface and through EDR/XDR, SIEM, SOAR
• Identifying blind spots in your cloud security strategy due to information fragmentation

Ideally, threats get stopped at the door. But in a developing environment or a growth period for your security program, it can be tough to continuously find and fix the flaws that happen at every stage. 

Gather with your C-Level peers to discuss: 

• Why increased security sometimes starts with developer competency

• Ways of managing and maintaining your attack surface

• Actionable, practical response processes

In these times of rapid technological advancement, data stands as the cornerstone of innovation. As we navigate through the information age, it's evident that data residing in the cloud represents the fastest area of growth. To maintain pace with the agility of cloud operations, it is imperative to discover and adopt strategic approaches and robust architectures.

Gather with your C-level peers to:

• Start solving the challenge of data visibility in the cloud
• Determine who in your organization should own data security (CISO? CDO? CPO?)
• Discuss how automation and agility can be accomplished through tooling or processes

Be among the first to see what’s new and next in the security solutions landscape. Three early-stage providers will get the chance to showcase their innovative solutions to the most pressing cybersecurity challenges.

You'll hear from: 

• Cranium
• Crash Override
• Regscale

Generative AI has tremendous promise for businesses but also comes with peril. While AI promises to bring tremendous efficiency, protecting your organization during the era of AI will become increasingly difficult. 

Join this session to hear Amit Singh, Palo Alto Network's Chief Business Officer to explore:

• How attackers adopt and deploy AI
• Examples of how major incidents–like Solarwinds or Log4J–would be different if attackers were equipped with AI in their toolset
• How CISOs should prepare moving forward

You've spent a good majority of your career in information security, climbing your way to the top - to the CISO role. You're finally there, but what's next? What are your career options, and how should you prepare for exploring them?

Join this session with Emily Heath, current board member and former CISO to learn about: 

• How to set yourself up for success when preparing for the transition after a CISO Role
• Knowing what your career options are
• The skills and experience you'll need to bolster your board position marketability 

IT professionals and cybersecurity practitioners face immense challenges adapting to shifts in the desired work models employed by users and their organizations. According to recent Gartner®️ research*, "Enterprise browsers will evolve to become the core platform for almost all of the day-to-day enterprise productivity and security software used by the workforce." Traditional architectural approaches are quite limited in such areas as BYOD programs, contractor/third-party provisioning, hybrid work, and modernization efforts. What if solutions to many of these difficult challenges could be solved by reimagining the browser as a core component of enterprise architecture? 

In this session, Island will provide examples on how this new category and technology:

• Revolutionizes your organization, enabling you to address modern work challenges while unlocking new opportunities.
• Streamlines BYOD, contractor/third-party, and hybrid work initiatives with innovative architectural approaches
• Implements novel security measures to safeguard organizational applications and data

* Source: Source: Gartner, Emerging Tech: Security — The Future of Enterprise Browsers, Dan Ayoub, Evgeny Mirolyubov, Max Taggett, Dave Messett, 14 April 2023 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Time is critical in third-party risk decisions and security teams face a balancing act in conducting proper vendor due diligence without being perceived as the impediment to the speed of business. Data is critical to these risk conversations and the time has come to combine generative AI and third-party risk to enhance insights from third-party risk assessments and intelligence to accelerate vendor decisions.

Join this session to discuss the potential of generative AI to:

• Revolutionize the speed at which teams extract insights
• Improve efficiency, decision-making and reducing resources required for assessments and discuss a real-world use case
• Address challenges in the third-party risk lifecycle

Managing cyber risk across an Global IT infrastructure has never been harder. Remote workers, advancing attack methods, and an ever-expanding vendor network are challenging every firm, as total visibility into threats has become nearly impossible. As digital business strategy matures, more organizations are becoming dependent on the cyber posture and protection of third parties. Third-party risks present a unique challenge because you are depending on vendors and partners to operate securely to keep your data and information safe. As a global security leader, how are you mitigating the associated risks and demonstrating this to the business to ensure effective security programs?

Join our session to hear about:

• Common failings across TPRM programs that led to breach events
• How executives can provide strategic direction for third-party risk teams
• Key practices being implemented by leading vendor risk firms to maintain strong supply chain risk management

There are many different challenges that can occur when trying to manage the cloud as a security leader. While cloud threat detection is important, you'll also need to know how to measure the cloud security scaling process. Challenges like these will arise, but what about integrating and navigating cloud security tools while keeping compliance at the forefront of your strategy? With the right approach, you should feel empowered to fortify your organizations' cloud security posture.

Join this thought-provoking discussion with your Global CISO peers to discuss:

• Effectively enhancing organizational capabilities to detect and respond to threats targeting cloud environments
• Key considerations for formulating an effective incident response plan in the cloud
• Today's unique compliance challenges organizations face when operating in the cloud

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

The complexity of the cyber domain extends well beyond the technology. Navigating across cultures is essential to the success of any cyber initiative. International relations, the IT/OT gap, public/private partnerships, and diversity issues can all add layers of complexity. But by building bridges to join otherwise disconnected groups, your initiatives can be more successful with more durable results. 

Join Nicole Ford, CISO at Rockwell Automation, and Rex Booth, CISO at SailPoint, as they: 

• Explore just some of the many cultural disconnects in the our domain
• Consider how best to close those gaps
• Determine which practices lead to long-term change for you and your organization

Let’s face it - Not all AI is created equal. But when used properly, data science and AI can turn the tables on cyberattacks in favor of defenders. During this session, we’ll navigate the merits of the dominant AI methodologies, dispel misconceptions, consider the impact of Generative AI and LLMs, and unveil how AI can transform the SOC away from manual and mundane tasks and empower analysts to stay ahead of the evolving threat landscape.

Join Hitesh Sheth, Chief Executive Officer at Vectra AI, to discover:

• Key differences in AI methodologies and which work best for threat detection
• How integrated signal reduces alert noise and surfaces real threats
• Why AI is key to empowering humans to move at the speed of hybrid and multi-cloud attackers

The world has changed, but have your security policies and tools kept up? Are they fit for a world with a hybrid workforce accessing data primarily from the cloud? Organizations need to adapt and evolve as their data moves to the cloud, embracing change and enabling secure productivity, not locking data down.

In this interactive discussion, we will focus on:

• The evolution of threats and breaches after digital transformation
• Simplifying and simultaneously improving cloud-based data protection
• The changing endpoint problem

Monitoring, alerting, immutable configurations are simple strategies that lead to security success. But why are we our own worst enemy?

Join this boardroom session with your global peers to dig in deeper on:

• The persistent issues of insecure configurations such as IAM, alerting, monitoring logging and encryption
• Misconfigurations that are consistently exploited in the real world
• The why AND how to addressing all of the above

The cloud security landscape never stops evolving. For the Global CISO, trying to keep pace will only get you so far. You'll need to stay ahead by highlighting risk, compliance, and collaboration strategies.

Join this gathering of your Global C-level peers to begin:

• Navigating the challenge of prioritization between risk mitigation and compliance
• Evaluating the effectiveness of security tools in complex cloud environments
• Discovering ways to unify security and development teams

Whether it's where we work, the clouds, or devices used — the blend between personal, corporate, private, and public is ever-changing and presents us with a host of new challenges. This has complicated the attack surface many times over and the pressure to converge tools, quickly evaluate AI-based solutions, and do “more with less” is at peak levels. We must meet this watershed moment with the right team, plans, and technology.

Join this session to learn:

• Technology trends that are driving emerging capabilities, including AI
• Consolidation approaches that save money without sacrificing security
• Real-world stories and use cases that deliver immediate value and efficiency

Chris Nikic is an American athlete who made history by becoming the first person with Down Syndrome to complete a full Ironman triathlon. Since then, Chris has inspired people around the globe with his determination and unwavering tenacity. He continues to show others how shifting your focus from your disabilities to your abilities can help anyone achieve any goals they aspire to achieve.

In this session Chris shares how to:

• Overcome personal and societal obstacles
• Apply the 1% Better strategy and develop a success habit
• Build a no-quit grit and success mindset to achieve the impossible

Organizations worldwide are being faced with multistage attacks such as BEC, ransomware, and supply chain, that happen with the same basic steps in the same sequence. It’s been a decade since defenders began referring to this as the attack chain, but the attacks continue to successful with the same tactics, from phishing to Active Directory abuse to data exfiltration. So how do we finally turn the tables on adversaries, and take away what they depend across the attack chain?

Join this keynote as Ryan Kalember discusses:

• Understanding the evolving nature of initial compromises
• The art and science of preventing small compromises from becoming big incidents
• Reducing your team's workload by using the attack chain to prioritize controls

The fourth industrial revolution is well underway. Industrial sites, once safely air-gapped, are now sprawling with connected devices. Mix in other factors like cloud or remote access and it becomes clear: The CISOs jurisdiction is changing rapidly. Where organizations stand on this security journey may vary. Some may be in the early phases or still gathering leadership buy-in. Others may be further down the line, ready to share their successful practices.

Join this session and start understanding:

• Your new or growing operational technology responsibilities
• How to (and how NOT to) start or revamp your OT security journey 
• What you can do to effectively bring IT and OT along on the journey

Despite the challenges posed by organizational and technological silos that can occur with the global enterprise, the modern CISO is stepping up to the plate. Impactful digital transformation through intentional technology decisions can minimize organizational obstacles.

Join this session to discover:

• Embracing digital transformation to stay competitive and secure in today's business world
• Leveraging SASE to simplify your security architecture, level-up compliance monitoring and improve visibility globally
• Driving meaningful change with a holistic approach that considers not just security, but also organizational culture, processes, and people

With the emergence of new generative AI models such as OpenAI ChatGPT, there are now many initiatives across various industries to find new use cases and opportunities to leverage this technology. Cybersecurity is no different, and some technology providers are already launching new products and features based on Large Language Models (LLMs).

In this session we’ll discuss:

• What are the use cases for LLMs and other generative AI systems in the Security Operations Center?
• How can organizations leverage the technology without falling into the trough of disillusionment?
• Where do we go from here, and what can the SOC expect from the future of AI?

CISOs and security leaders from across the globe have implemented a myriad of AppSec tools and processes. But its only by dissecting the efficacy of tools like SAST, DAST, and SCA; or processes like Threat Modeling and Pen Testing, that you’ll ever be able to determine which are actually delivering results. It’s time to address the issue through thoughtful exchange and leave with actionable insights.

Join this lively, closed-door discussion to:

• Challenge your assumptions regarding these long-accepted processes
• Share perspectives and gather understanding through the experiences of your fellow CISOs
• Gain a fresh understanding of AppSec strategies

Be among the first to see what’s new and next in the security solutions landscape. Three early-stage providers will get the chance to showcase their innovative solutions to the most pressing cybersecurity challenges.

You'll hear from: 

• Interpres Security
• HiddenLayer
• Blackbird AI

Talent is a key engine for any company and cyber is no exception. In her keynote speech, Kirsten Davies, Global CISO, Unilever, will share why she’s passionate about using internal, external and unconventional talent pools to build and develop a sustainable global talent pipeline. 

Join this session and begin: 

• Placing diversity and inclusivity at the core of everything you do
• Breaking new ground and finding new ways of managing the holistic talent life cycle, enabled by advanced technology
• Forging partnerships across the business to attract a new generation of talent from outside the core cyber function